As Wauchos was sold on underground forums, there were various monetization schemes. One of them was to use the form grabber plugin to steal passwords for online accounts.
Throughout its monitoring of the threat, ESET found dozens of C&C servers every month. The bulk of ESET’s research was conducted late last year, with the peak of Wauchos’s activity going back approximately to that time.
Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.
Google has been forced to remove almost 300 apps from its Play Store after learning that apps were being hijacked for DDoS attacks.
Earlier this week coordinated law enforcement action took down the Avalanche fast-flux network. ESET has been assisting in the cleanup.
Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.
As promised in our post about the European Cyber Security Month during October, we are publishing about Botnets and Exploits this week. Even though we had the Poodle flaw in the web encryption standard a few days ago, we are using this week to explain what are botnets and exploits and how they work.
A statistical tool first used in 1966 and currently used in speech and gesture recognition may hold a key to sniffing out botnets - by predicting the likely “next move” of infected PCs and the healthy computers around them, researchers have claimed.
Only weeks after Microsoft unveiled a global Cybercrime Center armed with new, hi-tech tools to combat crime, it announced it had carried out a global action leading to "significant disruption" of the Siferef botnet, a network controlling up to two million "zombie" PCs.
TOR-based botnets are not a new trend and were already being discussed a few years ago at Defcon 18 (“Resilient Botnet Command and Control with Tor”). But in the last year we’ve been able to confirm some interesting facts concerning the use of these ideas in real-world botnets. This topic was already discussed around the beginning
Microsoft and the FBI have broken up a large portion of the Citadel botnet - a network which had stolen $500 million from bank accounts in 90 countries around the world by installing keylogger software on five million machines.
The European cyber security agency ENISA said Internet Service Providers in the EU have failed to implement a set of best practice recommendations which have been in place for 13 years - which could reduce the scope of even the largest DDoS attacks.
Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto)and IRC (Win32/AutoRun.IRCBot.AK),
Nitol versus Michelangelo: the supply chain is much more than the production line.
Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the
Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan